Xeno Kovah - 2013 Day2P9 Life of Binaries: Forwarded Exports


The class materials are available at http://www.OpenSecurityTraining.info/LifeOfBinaries.html
Follow us on Twitter for class news @OpenSecTraining.

Have you ever wondered what happens when a C program is compiled and executed on a system? This three-day class by Xeno Kovah will investigate the life of a binary from birth as C source code to death as a process running in memory being terminated.

Topics will include but are not limited to:

*Scanning and tokenizing source code.

*Parsing a grammar and outputting assembly code.

*Different targets for x86 assembly object file generation (e.g. relocatable vs. position-independent code).

*Linking object files together to create a well-formed binary.

*Detailed description of the Windows PE binary format.

*How Windows loads a binary into memory and links it on the fly before executing it.

*Detailed description of the Unix/Linux/BSD ELF binary format.

Along the way we will discuss the relevance of security at different stages of a binary's life, from how viruses *really* work, to the way in which malware "packers" duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).

Lab work will include:

*Using the new "Binary Scavenger Hunt" tool which creates randomized PE binaries and asks randomized questions about the material you just learned!

*Manipulating compiler options to change the type of assembly which is output

*Manipulating linker options to change the structure of binary formats

*Reading and understanding PE files with PEView

*Using WinDbg to watch the loader resolve imports in an executable

*Using Thread Local Storage (TLS) to obfuscate control flow and serve as a basic anti-debug mechanism

*Creating a simple example virus for PE

*Analyzing the changes made to the binary format when a file is packed with UPX

*Using the rootkit technique of Import Address Table (IAT) hooking to subvert the integrity of a program's calls to external libraries, allowing processes to be hidden.


The prerequisites for this class are a basic understanding of C programming and compilation. This class is recommended for a later class on Rootkits (playlist: http://bit.ly/HLkPVG) as we talk about IAT Hooking, and required for a later class on malware analysis.



This movie is part of the collection: OpenSecurityTraining.info

Producer: Xeno Kovah
Keywords: OpenSecurityTraining.info; Computer security class; security; Computer Security; Cyber Security; Host Security; binaries; binary executable format; Windows executable; Windows PE; PE; PE/COFF; Portable Executable; parsing; lexing; tokenizing; concrete syntax tree; parse tree; abstract syntax tree; abstract assembly tree; context free grammars; compiling; linking; x86 assembly; IAT; IAT hooking; EAT; TLS; DEP; ASLR; SEH; computer virus; packers; UPX; debugging; WinDbg; ELF binary format; Executable and Linkable Format; ELF

Creative Commons license: Attribution-Share Alike 3.0


Individual Files

Movie Files: PR_LoB2013_D2P9_ForwardedExports.mov
Thumbnail: 4.6 KB
Animated GIF: 139.4 KB
QuickTime: 267.9 MB
h.264: 95.0 MB
Ogg Video: 67.6 MB

Information (Format, Size):
LoB2013D2P9_files.xml, Metadata, [file]
LoB2013D2P9_meta.sqlite, Metadata, 29.0 KB
LoB2013D2P9_meta.xml, Metadata, 5.9 KB

Other Files:
LoB2013D2P9_archive.torrent, Archive BitTorrent, 19.0 KB
